[GNUnet-SVN] r19448 - gnunet/src/vpn

gnunet-svn

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[GNUnet-SVN] r19448 - gnunet/src/vpn

From:	gnunet
Subject:	[GNUnet-SVN] r19448 - gnunet/src/vpn
Date:	Thu, 26 Jan 2012 17:11:25 +0100

Author: grothoff
Date: 2012-01-26 17:11:25 +0100 (Thu, 26 Jan 2012)
New Revision: 19448

Modified:
   gnunet/src/vpn/gnunet-service-vpn.c
Log:
-check tcp off value

Modified: gnunet/src/vpn/gnunet-service-vpn.c
===================================================================
--- gnunet/src/vpn/gnunet-service-vpn.c 2012-01-26 16:11:16 UTC (rev 19447)
+++ gnunet/src/vpn/gnunet-service-vpn.c 2012-01-26 16:11:25 UTC (rev 19448)
@@ -895,6 +895,11 @@
        return;
       }
       udp = payload;
+      if (udp->len < sizeof (struct GNUNET_TUN_UdpHeader))
+      {
+       GNUNET_break_op (0);
+       return GNUNET_SYSERR;
+      }
       spt = ntohs (udp->spt);
       dpt = ntohs (udp->dpt);
       get_tunnel_key_from_ips (af,
@@ -915,6 +920,11 @@
        return;
       }
       tcp = payload;
+      if (tcp->off * 4 < sizeof (struct GNUNET_TUN_TcpHeader))
+      {
+       GNUNET_break_op (0);
+       return GNUNET_SYSERR;
+      }
       spt = ntohs (tcp->spt);
       dpt = ntohs (tcp->dpt);
       get_tunnel_key_from_ips (af,
@@ -2203,6 +2213,11 @@
                inet_ntop (ts->af, &ts->source_ip, dbuf, sizeof (dbuf)),
                ts->source_port);
   }
+  if (data->tcp_header.off * 4 < sizeof (struct GNUNET_TUN_TcpHeader))
+  {
+    GNUNET_break_op (0);
+    return GNUNET_SYSERR;
+  }
   switch (ts->af)
   {
   case AF_INET:

[Prev in Thread]

Current Thread

[Next in Thread]

[GNUnet-SVN] r19448 - gnunet/src/vpn, gnunet <=

Prev by Date: [GNUnet-SVN] r19447 - gnunet/src/exit
Next by Date: [GNUnet-SVN] r19449 - gnunet/src/vpn
Previous by thread: [GNUnet-SVN] r19447 - gnunet/src/exit
Next by thread: [GNUnet-SVN] r19449 - gnunet/src/vpn
Index(es):
- Date
- Thread